AWS Elastic Disaster Recovery (drs)

Additions

Actions

• AssociateSourceNetworkStack
  
  • Description:  Grants permission to associate CloudFormation stack with source network
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    cloudformation:DescribeStackResource

    cloudformation:DescribeStacks

    drs:GetLaunchConfiguration

    ec2:CreateLaunchTemplateVersion

    ec2:DescribeLaunchTemplateVersions

    ec2:DescribeLaunchTemplates

    ec2:DescribeSecurityGroups

    ec2:DescribeSubnets

    ec2:DescribeVpcs

    ec2:ModifyLaunchTemplate

• CreateSourceNetwork
  
  • Description:  Grants permission to create a source network
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    ec2:DescribeInstances

    ec2:DescribeVpcs

• DeleteSourceNetwork
  
  • Description:  Grants permission to delete source network
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

• DescribeSourceNetworks
  
  • Description:  Grants permission to describe source networks
  • Access:  Read
• ExportSourceNetworkCfnTemplate
  
  • Description:  Grants permission to export CloudFormation template which contains source network resources
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    s3:GetBucketLocation

    s3:GetObject

    s3:PutObject

• StartSourceNetworkRecovery
  
  • Description:  Grants permission to start network recovery
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    cloudformation:CreateStack

    cloudformation:DescribeStackResource

    cloudformation:DescribeStacks

    cloudformation:UpdateStack

    drs:GetLaunchConfiguration

    ec2:CreateLaunchTemplateVersion

    ec2:DescribeLaunchTemplateVersions

    ec2:DescribeLaunchTemplates

    ec2:DescribeSecurityGroups

    ec2:DescribeSubnets

    ec2:DescribeVpcs

    ec2:ModifyLaunchTemplate

    s3:GetObject

    s3:PutObject

• StartSourceNetworkReplication
  
  • Description:  Grants permission to start network replication
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

• StopSourceNetworkReplication
  
  • Description:  Grants permission to stop network replication
  • Access:  Write
  • Resources: 

    Name: SourceNetworkResource

    Required: Yes

Resources

• SourceNetworkResource
  
  • Arn:  arn:${Partition}:drs:${Region}:${Account}:source-network/${SourceNetworkID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Updates

Actions

• TagResource
  
  Resources
  
  • ＋ SourceNetworkResource
• UntagResource
  
  Resources
  
  • ＋ SourceNetworkResource